The subject matter discussed in the background section should not be assumed to be prior art merely as a result of its mention in the background section. Similarly, a problem mentioned in the background section or associated with the subject matter of the background section should not be assumed to have been previously recognized in the prior art. The subject matter in the background section merely represents different approaches, which in and of themselves may also be inventions.
Web applications are a big part of applications today. They vary from simple web site, travel and booking, enterprise, banking applications and many more. Each of these applications has a set of security threats relevant to it. These applications tend to have security code integrated in to the application itself, however; because these applications are relatively large, the surface is too big to cover with a single choke point. With the increased complexity comes additional risk for undetected vulnerabilities. This is one of the reasons web applications some times use a separate web application firewall system. This allows a separate code base to use a single choke point and evaluate the entire application behavior at run time for potential vulnerabilities.
One current method to correlate between a firewall and other systems is a timing based approach. For example, if when request A is received, a web application performs a specific database query B, the firewall and/or the web application will connect the two events and search for deviations. This approach is not accurate in the learning and also not accurate in the enforcing phases unless under very strict lab environments without any other noise.